Chapter 17 Computer Crime Hess 17-1

Introduction Computer crimes are relatively easy to commit and difficult to detect Most computer crimes are not prosecuted Crimes involving computers have become much more sophisticated Most computers on the planet are connected via the Internet A new breed of detective—the cybercrime investigator Hess 17-2

SOURCES IC Internet Crime Report 2010 CyberSecurity Watch Survey 2010/2011 CSI Computer Crime and Security Survey Created a fundamental change in law enforcement agencies Hess 17-3 The Scope and Cost of the Problem

COMMON TERMS Cybercrime Cybertechnology Cyberspace E-crime Hess 17-4 Terminology and Definitions

THE NET VERSUS THE WEB Net is a network of networks Web is an abstract space of information LIVE CHAT AND INSTANT MESSAGING Two or more people Talk online in real time Hess 17-5 Terminology and Definitions

OVERVIEW Computer as target Computer as tool Computer as incidental to an offense Be aware of the ever-expanding ways Hess 17-6 Classification and Types of Computer Crimes

COMPUTER AS TARGET Viruses and worms Invariably involves hacking COMPUTER AS TOOL Traditional methods elevated Many offenses overlap Hess 17-7 Classification and Types of Computer Crimes

OVERVIEW Reluctance or failure to report crime Lack of training Need for specialists Fragility of the evidence Jurisdictional issues Hess 17-8 Special Challenges in Investigation

NONREPORTING OF COMPUTER CRIMES Did not think law enforcement could help Too insignificant to report LACK OF INVESTIGATOR TRAINING Cybercriminals are more technologically sophisticated Law enforcement needs additional training Hess 17-9 Special Challenges in Investigation

NEED FOR SPECIALISTS AND TEAMWORK Cybercrime unit FRAGILITY AND SENSITIVITY OF EVIDENCE Computer evidence is very fragile Can be altered or damaged easily Could be rendered unusable Hess Special Challenges in Investigation

JURISDICTIONAL ISSUES Traditional boundaries are complicated Double criminality Need for unified global approach Federal versus state Growing pains for this area of law Hess Special Challenges in Investigation

COMMON PROTOCOL Secure, evaluate and document crime scene Obtain a search warrant Recognize, identify, collect and preserve the evidence Package, transport and store evidence Submit digital evidence Document in an incident report Hess The Preliminary Investigation

SECURING AND EVALUATING THE SCENE Basic ON/OFF tenet Follow departmental policy Ensure that no unauthorized person has access Ensure condition of electronic device is not altered Properly document Hess The Preliminary Investigation

OBTAINING A SEARCH WARRANT Searches may be conducted by consent Suspect unknown, warrant must be obtained Have both a consent search form and a search warrant Avoid destruction of evidence Hess The Preliminary Investigation

RECOGNIZING EVIDENCE Conventional  Fingerprints  Documents  Hard drive Digital  Electronic files  s Hess The Preliminary Investigation

DOCUMENTING DIGITAL EVIDENCE Thorough notes, sketches and photographs Document condition and location of computer system Photograph the entire scene Photograph the front and back of the computer Hess The Preliminary Investigation

COLLECTING PHYSICAL AND DIGITAL EVIDENCE Evidence often contained on disks Devices may have fingerprints Avoid contact with recording surfaces Evidence log Chain of custody issues Hess The Preliminary Investigation

PACKAGING, TRANSPORTING AND STORING DIGITAL EVIDENCE Keep away from magnetic fields Store away from humidity extremes Do not use plastic bags Be aware of battery needs Hess The Preliminary Investigation

DATA ANALYSIS AND RECOVERY Deleted files remain on hard drive Forensic expert can make viewable Recycle bin Data remanence Hess Forensic Examination of Computer Evidence

WARRANT EXCEPTIONS Contraband, fruits or instrumentalities of the crime Prevent death or serious bodily injury Has committed or is committing a criminal offense to which the materials relate Hess Legal Considerations in Collecting and Analyzing Computer Evidence

DEVELOPING SUSPECTS Most cybercrimes committed by outsiders Three categories  Crackers  Vandals  Criminals Hess Follow-Up Investigation

ORGANIZED CYBERCRIME GROUPS Generally not loyal to one another Operate in countries with weak hacking laws UNDERCOVER INVESTIGATION AND SURVEILLANCE Headed by computer expert Online undercover officer Hess Follow-Up Investigation

VULNERABILITY Access via phone lines Critical nature of law enforcement data Agency’s network should be a top priority Evidence logs Other valuable data Hess Security of the Police Department’s Computers

GOVERNMENT MEASURES USA PATRIOT Act Foreign Intelligence Surveillance Act (FISA) National Security Letter (NSL) Child Protection and Sexual Predator Punishment Act All states have enacted tough computer crime control laws Hess Legislation

CYBER SPECIALISTS Often requires a team approach Equipment owner Database technicians Auditors Computer experts Programmers Hess The Investigative Team

SOURCES National Cybercrime Training Partnership (NCTP) Electronic Crimes Task Forces (ECTFs) Perverted Justice NetSmartz Hess Resources Available

STRATEGIES Educating top management Educating employees Instituting internal security precautions Management  Commitment to defend against computer crime  Organization-wide policies Hess Preventing Computer Crime

Summary Computer crimes are relatively easy to commit and difficult to detect Basic tenet for first responders at computer crime scenes is to observe the ON/OFF rule Most cybercrimes against businesses are committed by outsiders Investigating such crimes often requires a team approach Hess 17-28